CVE-2018-5852

Summary

An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat'

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.SnapdragonMDM9206affected
Qualcomm, Inc.SnapdragonMDM9607affected
Qualcomm, Inc.SnapdragonMDM9640affected
Qualcomm, Inc.SnapdragonMDM9650affected
Qualcomm, Inc.SnapdragonMSM8909Waffected
Qualcomm, Inc.SnapdragonSD 210/SD 212/SD 205affected
Qualcomm, Inc.SnapdragonSD 425affected
Qualcomm, Inc.SnapdragonSD 430affected
Qualcomm, Inc.SnapdragonSD 450affected
Qualcomm, Inc.SnapdragonSD 615/16/SD 415affected
Qualcomm, Inc.SnapdragonSD 617affected
Qualcomm, Inc.SnapdragonSD 625affected
Qualcomm, Inc.SnapdragonSD 650/52affected
Qualcomm, Inc.SnapdragonSD 810affected
Qualcomm, Inc.SnapdragonSD 820affected
Qualcomm, Inc.SnapdragonSD 820Aaffected
Qualcomm, Inc.SnapdragonSD 835affected
Qualcomm, Inc.SnapdragonSD 845affected

Weaknesses

  • CWE-126: CWE-126 Buffer Over-read

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References